@nbering This is contrasted against mandatory access control (access granted based on a user’s security clearance level), role-based access control (access granted based on predefined roles to which the user is assigned), rule-based access control (rules describe the circumstances under which access is granted) and attribute-based access control (access is granted based on the attributes of the user and the attributes of the object).
@stringlytyped Thanks! I was familiar with role-based access control by name.
I’d never heard anyone use the term discretionary access control… but it’s certainly fitting.
@nbering Yeah, I don’t know how often that term is used in the industry. But hopefully now you have something you can Google. The exam doesn’t seem to go into any more detail than that, so I’m afraid I don’t have anything to point you to if you wanted more info
@stringlytyped That was quite helpful.
Are you finding your Security+ exam prep helpful? I’ve been pondering whether to apply myself to certification prep for a while, but nothing has struck my fancy enough to commit to.
@nbering Awesome, I’m glad 😊
Some of it is just formalizing stuff I already kind of knew, but there are enough things that I haven’t had much exposure to that keep me interested. (Keep in mind that I don’t really have any infosec expertise and this my first attempt at any sort of formal training in this area.) I don’t think it will be a difficult exam, but the material covered is quite broad so there is a lot of reading and note taking that has to be done
A Mastodon instance for info/cyber security-minded people.